CVE-2009-3733: Path Traversal
First published: Mon Nov 02 2009(Updated: )
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ESXi | =3.0.3 | |
| VMware ESXi | =3.5 | |
| VMware ESXi | =3.5 | |
| VMware Server | =1.0 | |
| VMware Server | =1.0.1 | |
| VMware Server | =1.0.1_build_29996 | |
| VMware Server | =1.0.2 | |
| VMware Server | =1.0.3 | |
| VMware Server | =1.0.4 | |
| VMware Server | =1.0.4_build_56528 | |
| VMware Server | =1.0.5 | |
| VMware Server | =1.0.6 | |
| VMware Server | =1.0.7 | |
| VMware Server | =1.0.8 | |
| VMware Server | =1.0.9 | |
| VMware Server | =2.0.0 | |
| VMware Server | =2.0.1 | |
| Linux | ||
| VMware ESXi and Horizon DaaS | =3.5 | |
| All of | ||
| Any of | ||
| VMware Server | =2.0.0 | |
| VMware Server | =2.0.1 | |
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2009/3062
- http://lists.vmware.com/pipermail/security-announce/2009/000069.html
- http://www.vmware.com/security/advisories/VMSA-2009-0015.html
- http://www.securityfocus.com/bid/36842
- http://secunia.com/advisories/37186
- http://securitytracker.com/id?1023088
- http://securitytracker.com/id?1023089
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822
- http://www.securityfocus.com/archive/1/507523/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2009-3733?
CVE-2009-3733 is classified as a moderate severity vulnerability that allows remote attackers to read arbitrary files.
How do I fix CVE-2009-3733?
To fix CVE-2009-3733, upgrade VMware Server to versions 1.0.10 or 2.0.2 and VMware ESX or ESXi to their respective patched versions.
Which VMware products are affected by CVE-2009-3733?
CVE-2009-3733 affects VMware Server versions prior to 1.0.10 and 2.0.2, and VMware ESXi and ESX versions 3.5 and 3.0.3.
What are the potential impacts of CVE-2009-3733?
The potential impact of CVE-2009-3733 includes unauthorized access to sensitive files and data exposure for affected systems.
Is CVE-2009-3733 still relevant today?
While CVE-2009-3733 is an older vulnerability, systems running unsupported versions of VMware are still at risk if not properly updated.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/vmware
- canonical/vmware server
- version/vmware server/1.0.9
- version/vmware server/1.0.1_build_29996
- version/vmware server/1.0.1
- canonical/vmware esxi
- version/vmware esxi/3.5
- version/vmware server/1.0.2
- version/vmware server/1.0.8
- version/vmware server/1.0.4
- version/vmware server/1.0.7
- version/vmware server/1.0.4_build_56528
- version/vmware server/1.0.3
- version/vmware server/1.0.6
- version/vmware server/1.0
- version/vmware server/1.0.5
- version/vmware esxi/3.0.3
- version/vmware server/2.0.0
- version/vmware server/2.0.1
- vendor/linux
- canonical/linux kernel
- canonical/linux